Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks
An attack graph is a method used to enumerate the possible paths that an attacker can execute in the organization network. MulVAL is a known open-source framework used to automatically generate attack graphs. MulVAL's default modeling has two main shortcomings. First, it lacks the representatio...
Gespeichert in:
| Hauptverfasser: | , , , , , , , , , |
|---|---|
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Stan, Orly Bitton, Ron Ezrets, Michal Dadon, Moran Inokuchi, Masaki Ohta, Yoshinobu Yamada, Yoshiyuki Yagyu, Tomohiko Elovici, Yuval Shabtai, Asaf |
| description | An attack graph is a method used to enumerate the possible paths that an
attacker can execute in the organization network. MulVAL is a known open-source
framework used to automatically generate attack graphs. MulVAL's default
modeling has two main shortcomings. First, it lacks the representation of
network protocol vulnerabilities, and thus it cannot be used to model common
network attacks such as ARP poisoning, DNS spoofing, and SYN flooding. Second,
it does not support advanced types of communication such as wireless and bus
communication, and thus it cannot be used to model cyber-attacks on networks
that include IoT devices or industrial components. In this paper, we present an
extended network security model for MulVAL that: (1) considers the physical
network topology, (2) supports short-range communication protocols (e.g.,
Bluetooth), (3) models vulnerabilities in the design of network protocols, and
(4) models specific industrial communication architectures. Using the proposed
extensions, we were able to model multiple attack techniques including:
spoofing, man-in-the-middle, and denial of service, as well as attacks on
advanced types of communication. We demonstrate the proposed model on a testbed
implementing a simplified network architecture comprised of both IT and
industrial components. |
| doi_str_mv | 10.48550/arxiv.1906.09786 |
| format | Article |
| fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_1906_09786</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1906_09786</sourcerecordid><originalsourceid>FETCH-LOGICAL-a676-fd6ed852d440de0224e9ad1a3904bdada620d0e824254b610e4cefe8f7aeb9aa3</originalsourceid><addsrcrecordid>eNotz8tOwzAQhWFvWKDCA7BiXiDBcRwnWVZRKZXKRSj7aJKZgNXGrhwD7dsjWlZn8-tInxB3mUx1VRTyAcPRfqdZLU0q67Iy14JWx8iOrPuAZYw47GAd8PA5Q_TwzofAM7sIzannkFyCGayDxk_Tl7MDRusdvAUf_eD3M6AjePbEwcGmhReOPz7s5htxNeJ-5tv_XYj2cdU2T8n2db1pltsETWmSkQxTVSjSWhJLpTTXSBnmtdQ9IaFRkiRXSqtC9yaTrAceuRpL5L5GzBfi_nJ7ZnaHYCcMp-6P2525-S-YmFID</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks</title><source>arXiv.org</source><creator>Stan, Orly ; Bitton, Ron ; Ezrets, Michal ; Dadon, Moran ; Inokuchi, Masaki ; Ohta, Yoshinobu ; Yamada, Yoshiyuki ; Yagyu, Tomohiko ; Elovici, Yuval ; Shabtai, Asaf</creator><creatorcontrib>Stan, Orly ; Bitton, Ron ; Ezrets, Michal ; Dadon, Moran ; Inokuchi, Masaki ; Ohta, Yoshinobu ; Yamada, Yoshiyuki ; Yagyu, Tomohiko ; Elovici, Yuval ; Shabtai, Asaf</creatorcontrib><description>An attack graph is a method used to enumerate the possible paths that an
attacker can execute in the organization network. MulVAL is a known open-source
framework used to automatically generate attack graphs. MulVAL's default
modeling has two main shortcomings. First, it lacks the representation of
network protocol vulnerabilities, and thus it cannot be used to model common
network attacks such as ARP poisoning, DNS spoofing, and SYN flooding. Second,
it does not support advanced types of communication such as wireless and bus
communication, and thus it cannot be used to model cyber-attacks on networks
that include IoT devices or industrial components. In this paper, we present an
extended network security model for MulVAL that: (1) considers the physical
network topology, (2) supports short-range communication protocols (e.g.,
Bluetooth), (3) models vulnerabilities in the design of network protocols, and
(4) models specific industrial communication architectures. Using the proposed
extensions, we were able to model multiple attack techniques including:
spoofing, man-in-the-middle, and denial of service, as well as attacks on
advanced types of communication. We demonstrate the proposed model on a testbed
implementing a simplified network architecture comprised of both IT and
industrial components.</description><identifier>DOI: 10.48550/arxiv.1906.09786</identifier><language>eng</language><subject>Computer Science - Cryptography and Security</subject><creationdate>2019-06</creationdate><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,885</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/1906.09786$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.1906.09786$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Stan, Orly</creatorcontrib><creatorcontrib>Bitton, Ron</creatorcontrib><creatorcontrib>Ezrets, Michal</creatorcontrib><creatorcontrib>Dadon, Moran</creatorcontrib><creatorcontrib>Inokuchi, Masaki</creatorcontrib><creatorcontrib>Ohta, Yoshinobu</creatorcontrib><creatorcontrib>Yamada, Yoshiyuki</creatorcontrib><creatorcontrib>Yagyu, Tomohiko</creatorcontrib><creatorcontrib>Elovici, Yuval</creatorcontrib><creatorcontrib>Shabtai, Asaf</creatorcontrib><title>Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks</title><description>An attack graph is a method used to enumerate the possible paths that an
attacker can execute in the organization network. MulVAL is a known open-source
framework used to automatically generate attack graphs. MulVAL's default
modeling has two main shortcomings. First, it lacks the representation of
network protocol vulnerabilities, and thus it cannot be used to model common
network attacks such as ARP poisoning, DNS spoofing, and SYN flooding. Second,
it does not support advanced types of communication such as wireless and bus
communication, and thus it cannot be used to model cyber-attacks on networks
that include IoT devices or industrial components. In this paper, we present an
extended network security model for MulVAL that: (1) considers the physical
network topology, (2) supports short-range communication protocols (e.g.,
Bluetooth), (3) models vulnerabilities in the design of network protocols, and
(4) models specific industrial communication architectures. Using the proposed
extensions, we were able to model multiple attack techniques including:
spoofing, man-in-the-middle, and denial of service, as well as attacks on
advanced types of communication. We demonstrate the proposed model on a testbed
implementing a simplified network architecture comprised of both IT and
industrial components.</description><subject>Computer Science - Cryptography and Security</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotz8tOwzAQhWFvWKDCA7BiXiDBcRwnWVZRKZXKRSj7aJKZgNXGrhwD7dsjWlZn8-tInxB3mUx1VRTyAcPRfqdZLU0q67Iy14JWx8iOrPuAZYw47GAd8PA5Q_TwzofAM7sIzannkFyCGayDxk_Tl7MDRusdvAUf_eD3M6AjePbEwcGmhReOPz7s5htxNeJ-5tv_XYj2cdU2T8n2db1pltsETWmSkQxTVSjSWhJLpTTXSBnmtdQ9IaFRkiRXSqtC9yaTrAceuRpL5L5GzBfi_nJ7ZnaHYCcMp-6P2525-S-YmFID</recordid><startdate>20190624</startdate><enddate>20190624</enddate><creator>Stan, Orly</creator><creator>Bitton, Ron</creator><creator>Ezrets, Michal</creator><creator>Dadon, Moran</creator><creator>Inokuchi, Masaki</creator><creator>Ohta, Yoshinobu</creator><creator>Yamada, Yoshiyuki</creator><creator>Yagyu, Tomohiko</creator><creator>Elovici, Yuval</creator><creator>Shabtai, Asaf</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20190624</creationdate><title>Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks</title><author>Stan, Orly ; Bitton, Ron ; Ezrets, Michal ; Dadon, Moran ; Inokuchi, Masaki ; Ohta, Yoshinobu ; Yamada, Yoshiyuki ; Yagyu, Tomohiko ; Elovici, Yuval ; Shabtai, Asaf</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a676-fd6ed852d440de0224e9ad1a3904bdada620d0e824254b610e4cefe8f7aeb9aa3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Computer Science - Cryptography and Security</topic><toplevel>online_resources</toplevel><creatorcontrib>Stan, Orly</creatorcontrib><creatorcontrib>Bitton, Ron</creatorcontrib><creatorcontrib>Ezrets, Michal</creatorcontrib><creatorcontrib>Dadon, Moran</creatorcontrib><creatorcontrib>Inokuchi, Masaki</creatorcontrib><creatorcontrib>Ohta, Yoshinobu</creatorcontrib><creatorcontrib>Yamada, Yoshiyuki</creatorcontrib><creatorcontrib>Yagyu, Tomohiko</creatorcontrib><creatorcontrib>Elovici, Yuval</creatorcontrib><creatorcontrib>Shabtai, Asaf</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Stan, Orly</au><au>Bitton, Ron</au><au>Ezrets, Michal</au><au>Dadon, Moran</au><au>Inokuchi, Masaki</au><au>Ohta, Yoshinobu</au><au>Yamada, Yoshiyuki</au><au>Yagyu, Tomohiko</au><au>Elovici, Yuval</au><au>Shabtai, Asaf</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks</atitle><date>2019-06-24</date><risdate>2019</risdate><abstract>An attack graph is a method used to enumerate the possible paths that an
attacker can execute in the organization network. MulVAL is a known open-source
framework used to automatically generate attack graphs. MulVAL's default
modeling has two main shortcomings. First, it lacks the representation of
network protocol vulnerabilities, and thus it cannot be used to model common
network attacks such as ARP poisoning, DNS spoofing, and SYN flooding. Second,
it does not support advanced types of communication such as wireless and bus
communication, and thus it cannot be used to model cyber-attacks on networks
that include IoT devices or industrial components. In this paper, we present an
extended network security model for MulVAL that: (1) considers the physical
network topology, (2) supports short-range communication protocols (e.g.,
Bluetooth), (3) models vulnerabilities in the design of network protocols, and
(4) models specific industrial communication architectures. Using the proposed
extensions, we were able to model multiple attack techniques including:
spoofing, man-in-the-middle, and denial of service, as well as attacks on
advanced types of communication. We demonstrate the proposed model on a testbed
implementing a simplified network architecture comprised of both IT and
industrial components.</abstract><doi>10.48550/arxiv.1906.09786</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | DOI: 10.48550/arxiv.1906.09786 |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_arxiv_primary_1906_09786 |
| source | arXiv.org |
| subjects | Computer Science - Cryptography and Security |
| title | Extending Attack Graphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T07%3A08%3A50IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Extending%20Attack%20Graphs%20to%20Represent%20Cyber-Attacks%20in%20Communication%20Protocols%20and%20Modern%20IT%20Networks&rft.au=Stan,%20Orly&rft.date=2019-06-24&rft_id=info:doi/10.48550/arxiv.1906.09786&rft_dat=%3Carxiv_GOX%3E1906_09786%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |